# Exploit Title: RTLO Injection URI Spoofing: WhatsApp, iMessage (Messages app), Instagram, Facebook Messenger. CVE-2020-20093, CVE-2020-20094, CVE-2020-20095, CVE-2020-20096 # Date:...

Fix DIVD-2022-00002 - Grafana Upgrade Mitigation

Fix DIVD-2022-00002: Grafana versions 8.0.0-beta1 through 8.3.0 installed via dpkg/deb package. Mitigation:

by Sick Codes

January 21, 2022

In response to the amazing work by @j0v0x0 "Jordy Versmissen" from Detectify, the double-amazing Dutch Institute for Vulnerability Disclosure, known...

CVE-2021-33669 – SAP Mobile SDK Certificate Provider – Insecure Temporary File Storage – Potential Symlink Attack & Denial of Service

by Sick Codes

October 4, 2021

Title CVE-2021-33669 - SAP Mobile SDK Certificate Provider - Insecure Temporary File Storage - Potential Symlink Attack & Denial of...

CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux

by Sick Codes

September 24, 2021 - Updated on October 4, 2021

Title CVE-2021-39246 - Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging - Windows,...

Sick Codes Speaking @ CornCon Cyber Security Conference September 10-11, 2021 in Bettendorf, Iowa!

by Sick Codes

August 27, 2021

Come see us live at CornCon September 10-11th 2021, discussing Ag Security, Supply Chain Security, and of course, tractor hacking....

CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware /Brave-Browser/tor/data/tor.log

by Sick Codes

August 16, 2021 - Updated on October 4, 2021

Title CVE-2021-22929 Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log...

Being “root” on two Agriculture Companies (in Good Faith). Maxing out the John Deere Operations Center Worldwide and Case Industrial in Brazil [Agricultural Security & Hacking]

by Sick Codes

August 9, 2021 - Updated on August 29, 2021

Over the weekend, we presented an undertaking by a group of researchers that decided to "just have a look" at...

CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.

by Sick Codes

August 7, 2021 - Updated on October 4, 2021

Title CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library...

CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

by Sick Codes

August 7, 2021 - Updated on October 4, 2021

Title CVE-2021-29922 rust standard library "net" - Improper Input Validation of octal literals in rust 1.52.0 std::net and below results...

Page 1 of 4 1 2 … 4 Next

No Result

View All Result

Security

CVE-2022-36123 – A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution

CVE-2022-35414 – QEMU 4.1.50 through QEMU 7.0.0 – address_space_translate_for_iotlb allows a guest user to crash a host resulting in a denial of service.

Sick Codes @ DEF CON 30 August 11-14 2022!

CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors.

CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg

Exploit: RTLO Injection URI Spoofing: WhatsApp, iMessage (Messages app), Instagram, Facebook Messenger. CVE-2020-20093, CVE-2020-20094, CVE-2020-20095, CVE-2020-20096

Fix DIVD-2022-00002: Grafana versions 8.0.0-beta1 through 8.3.0 installed via dpkg/deb package. Mitigation:

CVE-2021-33669 – SAP Mobile SDK Certificate Provider – Insecure Temporary File Storage – Potential Symlink Attack & Denial of Service

CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux

Sick Codes Speaking @ CornCon Cyber Security Conference September 10-11, 2021 in Bettendorf, Iowa!

CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware /Brave-Browser/tor/data/tor.log

Being “root” on two Agriculture Companies (in Good Faith). Maxing out the John Deere Operations Center Worldwide and Case Industrial in Brazil [Agricultural Security & Hacking]

CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.

CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

@sickcodes

@sickcodes

@sickcodes

Discord Server

sickcodes.slack.com

t.me/sickcodeschat

./contact_form